Comments (12)
from ironic-image.
@yprokule Are they being launched by the BMO as privileged containers with host networking?
from ironic-image.
@juliakreger not sure how to check it, but here is containers' description from pod:
baremetal-operator:
Container ID: cri-o://ba633c4366c33bb0b4a8b457e891b88a78c93fb0f4d27b18ed35262bbfb2a1c9
Image: quay.io/metal3-io/baremetal-operator:master
Image ID: quay.io/metal3-io/baremetal-operator@sha256:9723f8bc650e83e135e1be3387c906ec4c5fc5213030a043d8f955b2f8f22638
Port: 60000/TCP
Host Port: 60000/TCP
Command:
/baremetal-operator
State: Running
Started: Mon, 29 Jul 2019 12:17:38 +0000
Ready: True
Restart Count: 0
Environment:
WATCH_NAMESPACE: openshift-machine-api (v1:metadata.namespace)
POD_NAME: metal3-baremetal-operator-74fdb86688-pw6c4 (v1:metadata.name)
OPERATOR_NAME: baremetal-operator
DEPLOY_KERNEL_URL: <set to the key 'deploy_kernel_url' of config map 'ironic-bmo-configmap'> Optional: false
DEPLOY_RAMDISK_URL: <set to the key 'deploy_ramdisk_url' of config map 'ironic-bmo-configmap'> Optional: false
IRONIC_ENDPOINT: <set to the key 'ironic_endpoint' of config map 'ironic-bmo-configmap'> Optional: false
IRONIC_INSPECTOR_ENDPOINT: <set to the key 'ironic_inspector_endpoint' of config map 'ironic-bmo-configmap'> Optional: false
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from metal3-baremetal-operator-token-9s57b (ro)
ironic-dnsmasq:
Container ID: cri-o://9cbc212cc120330dae1c053a04f7ef9593222642bb89446c63874efcf80c33e9
Image: quay.io/metal3-io/ironic:master
Image ID: quay.io/metal3-io/ironic@sha256:187b0a2918d4ec3c79f2aa2ffd8cfbae19603c75266a675789e5b014936088bb
Port: <none>
Host Port: <none>
Command:
/bin/rundnsmasq
State: Waiting
Reason: CrashLoopBackOff
Last State: Terminated
Reason: Error
Exit Code: 3
Started: Mon, 29 Jul 2019 16:09:59 +0000
Finished: Mon, 29 Jul 2019 16:09:59 +0000
Ready: False
Restart Count: 49
Environment:
HTTP_PORT: <set to the key 'http_port' of config map 'ironic-bmo-configmap'> Optional: false
PROVISIONING_INTERFACE: <set to the key 'provisioning_interface' of config map 'ironic-bmo-configmap'> Optional: false
DHCP_RANGE: <set to the key 'dhcp_range' of config map 'ironic-bmo-configmap'> Optional: false
Mounts:
/shared from ironic-data-volume (rw)
/var/run/secrets/kubernetes.io/serviceaccount from metal3-baremetal-operator-token-9s57b (ro)
ironic-httpd:
Container ID: cri-o://8d567cb6e0382b1d48b9db032a04ec9585ba8aae86011ac5da0f439f2c6d3ab2
Image: quay.io/metal3-io/ironic:master
Image ID: quay.io/metal3-io/ironic@sha256:187b0a2918d4ec3c79f2aa2ffd8cfbae19603c75266a675789e5b014936088bb
Port: <none>
Host Port: <none>
Command:
/bin/runhttpd
State: Waiting
Reason: CrashLoopBackOff
Last State: Terminated
Reason: Error
Exit Code: 3
Started: Mon, 29 Jul 2019 16:10:03 +0000
Finished: Mon, 29 Jul 2019 16:10:03 +0000
Ready: False
Restart Count: 49
Environment:
HTTP_PORT: <set to the key 'http_port' of config map 'ironic-bmo-configmap'> Optional: false
PROVISIONING_INTERFACE: <set to the key 'provisioning_interface' of config map 'ironic-bmo-configmap'> Optional: false
Mounts:
/shared from ironic-data-volume (rw)
/var/run/secrets/kubernetes.io/serviceaccount from metal3-baremetal-operator-token-9s57b (ro)
ironic-api:
Container ID: cri-o://b1b3e604f303bf93fedd0d5b43f8116917a3392568598443ff1ac56ad1c78d33
Image: quay.io/metal3-io/ironic:master
Image ID: quay.io/metal3-io/ironic@sha256:187b0a2918d4ec3c79f2aa2ffd8cfbae19603c75266a675789e5b014936088bb
Port: <none>
Host Port: <none>
Command:
/bin/runironic-api
State: Waiting
Reason: CrashLoopBackOff
Last State: Terminated
Reason: Error
Exit Code: 3
Started: Mon, 29 Jul 2019 16:11:05 +0000
Finished: Mon, 29 Jul 2019 16:11:05 +0000
Ready: False
Restart Count: 49
Environment:
MARIADB_PASSWORD: <set to the key 'password' in secret 'mariadb-password'> Optional: false
HTTP_PORT: <set to the key 'http_port' of config map 'ironic-bmo-configmap'> Optional: false
PROVISIONING_INTERFACE: <set to the key 'provisioning_interface' of config map 'ironic-bmo-configmap'> Optional: false
Mounts:
/shared from ironic-data-volume (rw)
/var/run/secrets/kubernetes.io/serviceaccount from metal3-baremetal-operator-token-9s57b (ro)
from ironic-image.
@imain @dhellmann All containers except the baremetal-operator have privileged set to True. https://github.com/openshift-metal3/dev-scripts/blob/master/operator_ironic.yaml
from ironic-image.
@yprokule Are your steps to reproduce purely fire-up an install with openshift-metal3/dev-scripts? Or are you taking other steps?
from ironic-image.
I suspect the only option here is to try ingress policy filters for the pod....
In other words, remove the ip tables statements and we update the yaml loading the pod. Thoughts? @dtantsur @derekhiggins
see: https://kubernetes.io/docs/concepts/services-networking/network-policies/
from ironic-image.
As long as it works - I'm good with it :) I iptables
might have been a temporary solution while we were launching ironic directly via podman
.
from ironic-image.
I thought this error could be ignored but maybe i'm wrong,
hmm, in the pod description(above) i don't see mention of privileged (as in https://github.com/metal3-io/baremetal-operator/blob/8169897aeb6580c27671f1b78d6217a541c8e079/deploy/operator_ironic.yaml#L60)
securityContext:
privileged: true
not sure if its relevant tbh..
from ironic-image.
from ironic-image.
I think #83 fixes this.
from ironic-image.
What environment are you running this on? Is it a baremetal deployment? I'm wondering if 'provisioning interface' is set correctly?
from ironic-image.
What environment are you running this on? Is it a baremetal deployment? I'm wondering if 'provisioning interface' is set correctly?
Virtual, deployed with make script from dev-scripts
from ironic-image.
Related Issues (20)
- runmariadb seems to fail with MariaDB 10.3.28 HOT 3
- machine partition creation issue when qcow2 user image is supplied HOT 8
- Security scan reports high level vulnerabilities in ironic and ironic-inspector images HOT 5
- ProvisioningError :blkid returns with Exit code:2 HOT 9
- Split up separate components into seperate Images HOT 17
- ironic.common.exception.InvalidMAC: Expected a MAC address but received (WWN) HOT 6
- Image metal3-io/ironic:capm3-v0.4.3 unavailable. HOT 3
- Change default branch to "main" HOT 4
- Ironic image cache cleaning removes some of the images
- Image metal3-io/ironic:capm3-v0.5.4 unavailable HOT 3
- Error setting up bootloader. Error UTF-16 stream does not start with BOM: UnicodeError: UTF-16 stream does not start with BOM HOT 11
- unable to build base image HOT 4
- Missing idrac-redfish interface for raid HOT 1
- Feature request: Environment variable to change IPA collectors HOT 1
- Introducing ipxe security hardening options HOT 9
- Nova power notification warning in log HOT 2
- Allow overriding/specifying IRONIC_IP/IRONIC_URL_HOST HOT 8
- Proposal: Extract configuration generation to init-container HOT 20
- Support building for multiple architectures HOT 4
- Ironic-image can't use to be as a http HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ironic-image.